WAFV2 / Client / put_permission_policy

put_permission_policy#

WAFV2.Client.put_permission_policy(**kwargs)#

Attaches an IAM policy to the specified resource. Use this to share a rule group across accounts.

You must be the owner of the rule group to perform this operation.

This action is subject to the following restrictions:

  • You can attach only one policy with each PutPermissionPolicy request.

  • The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same Region.

  • The user making the request must be the owner of the rule group.

See also: AWS API Documentation

Request Syntax

response = client.put_permission_policy(
    ResourceArn='string',
    Policy='string'
)
Parameters:
  • ResourceArn (string) –

    [REQUIRED]

    The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

  • Policy (string) –

    [REQUIRED]

    The policy to attach to the specified rule group.

    The policy specifications must conform to the following:

    • The policy must be composed using IAM Policy version 2012-10-17.

    • The policy must include specifications for Effect, Action, and Principal.

    • Effect must specify Allow.

    • Action must specify wafv2:CreateWebACL, wafv2:UpdateWebACL, and wafv2:PutFirewallManagerRuleGroups and may optionally specify wafv2:GetRuleGroup. WAF rejects any extra actions or wildcard actions in the policy.

    • The policy must not include a Resource parameter.

    For more information, see IAM Policies.

Return type:

dict

Returns:

Response Syntax

{}

Response Structure

  • (dict) –

Exceptions

  • WAFV2.Client.exceptions.WAFNonexistentItemException

  • WAFV2.Client.exceptions.WAFInternalErrorException

  • WAFV2.Client.exceptions.WAFInvalidParameterException

  • WAFV2.Client.exceptions.WAFInvalidPermissionPolicyException